What is user awareness training?
Don’t assume that your staff are 100% up to date on cyber security risks and mitigation measures. We can raise awareness of cyber security threats by training individuals or teams on current risks and how they can be mitigated.
When is user awareness training required?
Cyber security awareness training shouldn’t be done once and forgotten about. Instead, it should be part of each employee’s ongoing learning and development. Your people are your biggest asset when it comes to mitigating cyber security risks, but they’re also your biggest risk. Many phishing attempts are successful because a member of staff is just trying to be helpful.
The user awareness training process
We use a simple yet effective process to ensure that your user awareness training programme is going to work in your organisation.
- Brief: We meet with you to ascertain the type of security awareness activities currently being undertaken by your organisation.
- Research: We identify the key user groups, risk profiles and communication channels in your organisation, then generate training ideas that suit.
- Programme: We provide you with a draft training programme for discussion and approval by key stakeholders. Once approved, we execute the programme.
- Implementation: We undertake the training programme, using resources developed by you, us or a combination of both.
Why BT Cyber?
We can provide customised in-person training sessions, or deliver a customised package that can be delivered within teams across all key business functions. Our team of training consultants have a minimum of 10 years’ experience in cyber security, meaning they’re fully up to date on the latest cyber security intelligence. Our competitive pricing model, combined with a large client base covering multiple industries and flexible business model, means we can put together a bespoke training package that will be tailored to the needs of your staff.
Typically this occurs when a staff member clicks on something they shouldn’t, because they aren’t trained in how to identify and respond to IT security threats. It may be a single account password, or an email address and password. At this stage, it is likely that nothing will happen.
The breached information turns up for sale on the “Dark Web” in a sheet. This is a hidden part of the Internet where significant illegal activity takes place. Essentially a “seed” has now been sown, and the intention by cyber criminals on the dark web is to grow this into a “tree” of information.
The information is researched further and added to. It is sold again for slightly more money. This cycle continues, each time building out a bit more of the “tree” of information. This tree, while initially starting with your company information, can build out to encompass information about staff and their personal lives, and other companies you deal with.
At some point after the initial breach (it may be 6 months or a couple of years), there will be sufficient information in your sheet for a cyber-criminal to decide to purchase it with the intention of hitting all the identified breach points. They can do things like:
- Infiltrate other systems in your network.
- Install a crypto locker to lock you out of all your files, and demand a ransom.
- Breach an employee’s personal computer, find browser activity, and threaten to send details of website visits to a family member.
- Use a compromised email account to socially engineer companies you deal with, such as sending them false invoices.
Now a serious breach has occurred. It typically takes just over 6 months for an organisation to find that breach. In this time, significant damage can be done as cyber criminals infiltrate other systems in your network.
That means expensive cyber security expertise is engaged for remediation. Finding and removing infected files / code is a difficult and time-consuming process. The breach point must also be found and fixed, or staff must be trained in cyber security awareness.
Staff downtime costs are on average 3.4 times the breach resolution costs. And while there is downtime, existing customers may not be serviced so some will find new suppliers.
If applicable, the breach must now be reported to the OAIC, and to every customer who is likely to incur “serious harm” from their information being lost. This is a time-consuming and expensive process that translates into a loss of reputation, and further customer loss as you are no longer trusted to safely store their information.
From a major breach, 60% of companies will be out of business in 6 months or less.
It’s no longer a matter of “if” a breach will happen, but “when”, “how bad”, and “how often”, and it often starts with a seed of information on the Dark Web from a minor breach. These 4 key activities will make a massive difference to your cyber security risk:
- Cyber Security Awareness Training – Train your staff in how to identify and respond to IT security threats.
- Cultural Change – Embed cyber security into your culture to keep it front of mind for all staff, every day.
- Dark Web Monitoring – Find your information on the dark web to know you have been breached, and fix it early.
- Cyber Security Framework – Ensure you implement a cyber security framework (e.g. Essential 8, CIS, NIST, ISO27001).
We come to you. No projector? No problem, we’ll bring our own. Why onsite training? Because staff are engaged, and learn more! It takes 2 hours, and every attendee gets a summary handout. The course is simple, fun and interactive, and discussions / questions can be specific to your company. There’s a short quiz at the end to run over additional examples, and further reinforce what was learnt. This is the course that easily pays for itself!